Follow me on Twitter

Month: July 2015

Researchers at TrendLabs have identified new attack vectors for Flash vulnerabilities uncovered by HackingTeam. Instead of targeting users through targeted phishing campaigns that directed them to websites with malicious content. The team has found Flash malware embedded in office documents.

This is a change as more normally Microsoft Office attachments are targeted with macros etc. that target the Office suite of applications, sometimes calling out from them to get additional pieces of malware. In these new instances, the Office documents are just transporting an embedded Flash vulnerability. If the exploit succeeds, it is used to download the actual malware payload.

In the HackingTeam versions of this attack method, they would embed a Flash file which then would download the exploit.

To make detection more difficult, HTTPS is used to encrypt network traffic and at times the malware use is encrypted with a random 4-byte key.

Best Practices:

As always it is best to keep your Flash software up to date and either choose “click-to-play” in browsers or disable Flash entirely. These controls only work against attacks that use Flash in the browser. Flash in Microsoft Office is not protected by this. Completely disabling or removing Flash from your system is a better solution. Windows users can also use kill bits to disable Flash from running.

​Recently a security researcher revealed a series of high-severity vulnerabilities related to the native Android media player, Stagefright. The vulnerabilities carry serious security implications: an attacker could exploit them to remotely control and steal data from a device by sending the victim a multimedia message (MMS) packaged with an exploit or sending them to a website that contains the exploit.